CVE-2016-0818
EUVD-2016-082912.03.2016, 21:59
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| android | 4.0 | |
| android | 4.0.1 | |
| android | 4.0.2 | |
| android | 4.0.3 | |
| android | 4.0.4 | |
| android | 4.1 | |
| android | 4.1.2 | |
| android | 4.2 | |
| android | 4.2.1 | |
| android | 4.2.2 | |
| android | 4.3 | |
| android | 4.3.1 | |
| android | 4.4 | |
| android | 4.4.1 | |
| android | 4.4.2 | |
| android | 4.4.3 | |
| android | 5.0 | |
| android | 5.0.1 | |
| android | 5.0.2 | |
| android | 5.1 | |
| android | 5.1.0 | |
| android | 5.1.1 | |
| android | 6.0 | |
| android | 6.0.1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References